Esempio n. 1
0
function pageController()
{
    if (Auth::isLoggedIn()) {
        header("Location: index.php");
        exit;
    }
    try {
        $email = Input::getString('email');
    } catch (Exception $e) {
        $email = '';
    }
    try {
        $password = Input::getString('password');
    } catch (Exception $e) {
        $password = '';
    }
    $user = UserModel::findByEmail($email);
    // if(empty($user))
    // {
    //  header("Location: users.create.php");
    //   exit();
    // }
    if (Auth::attempt($user, $password)) {
        Auth::setSessionVariables($user);
        header("Location: index.php");
        exit;
    }
    return array('email' => $email, 'loggedIn' => Auth::isLoggedIn());
}
Esempio n. 2
0
function pageController()
{
    $errors = [];
    if (!Auth::isLoggedIn()) {
        header('Location: users.create.php');
        exit;
    }
    $userObject = UserModel::find($_SESSION['user_id']);
    if (!empty($_POST)) {
        try {
            $userObject->first_name = Input::getString('firstName');
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
        try {
            $userObject->last_name = Input::getString('lastName');
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
        if (Input::get('password1') == Input::get('password2')) {
            try {
                $userObject->password = Input::getPassword('password1', $userObject->first_name, $userObject->last_name, $userObject->email);
            } catch (Exception $e) {
                $errors[] = $e->getMessage();
            }
        }
        $userObject->save();
    }
    return ['user' => $userObject, 'errors' => $errors];
}
Esempio n. 3
0
function processForm($postImage)
{
    $errors = [];
    $errors['count'] = 0;
    $today = date("Y-m-d");
    //pass this to be inserted into the database
    //form was submitted when $_POST is not empty
    if (!empty($_POST)) {
        try {
            $category = Input::getString('category');
        } catch (Exception $e) {
            $errors['category'] = 'Category: ' . $e->getMessage();
            $errors['count']++;
        }
        try {
            $postingTitle = Input::getString('title');
        } catch (Exception $e) {
            $errors['title'] = 'Posting Title: ' . $e->getMessage();
            $errors['count']++;
        }
        try {
            $price = Input::getNumber('price');
        } catch (Exception $e) {
            $errors['price'] = 'Price: ' . $e->getMessage();
            $errors['count']++;
        }
        try {
            $description = Input::getString('description');
        } catch (Exception $e) {
            $errors['description'] = 'Description: ' . $e->getMessage();
            $errors['count']++;
        }
        try {
            $date_posted = Input::getDate('date_posted');
        } catch (Exception $e) {
            $errors['date_posted'] = 'Date Posted: ' . $e->getMessage();
            $errors['count']++;
        }
        if ($errors['count'] == 0) {
            $adObject = new AdModel();
            $adObject->category = $category;
            $adObject->title = $postingTitle;
            $adObject->price = $price;
            $adObject->description = $description;
            var_dump($postImage);
            $adObject->image = $postImage;
            $adObject->date_posted = $today;
            // hardcoded:  $adObject->user_id = $_SESSION['user_id'];
            $adObject->users_id = 1;
            $adObject->save();
            //unset the $_SESSION['image'] - will be using the one in the database
            unset($_SESSION['image']);
            header("Location: /ads.show.php?id=" . $adObject->id);
            //this will be the $_GET for the ads.show.php
            die;
        }
    }
    return $errors;
}
Esempio n. 4
0
function insertPost($dbc)
{
    //Setting username (currently hard coded, will use SESSION variable later)
    $username = "******";
    $user = User::findUserByUsername($username);
    var_dump($user);
    $userid = $user->userid;
    $errors = [];
    try {
        $title = Input::getString('title');
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    try {
        $description = Input::getString('description');
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    try {
        $location = Input::getString('location');
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    try {
        $email = Input::getString('email');
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    try {
        $price = Input::getString('price');
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    if (Input::has('title')) {
        if ($_FILES) {
            // Create variable for the uploads direc for images in our server
            $uploads_directory = 'img/uploads/';
            $filename = $uploads_directory . basename($_FILES['image']['name']);
            if (move_uploaded_file($_FILES['image']['tmp_name'], $filename)) {
                // echo '<p>The file '. basename( $_FILES['image']['name']). ' has been uploaded.</p>';
            } else {
                //alert("Sorry, there was an error uploading your file.");
            }
        }
    }
    $date = date('Y-m-d');
    $insert_table = "INSERT INTO posts (userid, post_date, title, price, description, email, location, image) VALUES (:userid, :post_date, :title, :price, :description, :email, :location, :image)";
    $stmt = $dbc->prepare($insert_table);
    $stmt->bindValue(':userid', $userid, PDO::PARAM_STR);
    $stmt->bindValue(':post_date', $date, PDO::PARAM_STR);
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->bindValue(':price', $price, PDO::PARAM_STR);
    $stmt->bindValue(':description', $description, PDO::PARAM_STR);
    $stmt->bindValue(':email', $email, PDO::PARAM_STR);
    $stmt->bindValue(':location', $location, PDO::PARAM_STR);
    $stmt->bindValue(':image', $filename, PDO::PARAM_STR);
    $stmt->execute();
    return $errors;
}
Esempio n. 5
0
 public static function getPasswordMatch()
 {
     try {
         return Input::getString('passwordmatch', 0, 50);
     } catch (Exception $e) {
         self::addError($e->getMessage());
     }
 }
Esempio n. 6
0
 public static function getContact()
 {
     try {
         return Input::getString('contact', 0, 50);
     } catch (Exception $e) {
         self::addError($e->getMessage());
     }
 }
function insertPark($dbc, $park)
{
    $errorsArray = [];
    try {
        $name = Input::getString('name');
    } catch (Exception $e) {
        $error = $e->getMessage();
        array_push($errorsArray, $error);
    }
    try {
        $location = Input::getString('location');
    } catch (Exception $e) {
        $error = $e->getMessage();
        array_push($errorsArray, $error);
    }
    try {
        $date_established = Input::getDate('date_established');
    } catch (Exception $e) {
        $error = $e->getMessage();
        array_push($errorsArray, $error);
    }
    try {
        $area = Input::getNumber('area');
    } catch (Exception $e) {
        $error = $e->getMessage();
        array_push($errorsArray, $error);
    }
    try {
        $visitors = Input::getString('visitors');
    } catch (Exception $e) {
        $error = $e->getMessage();
        array_push($errorsArray, $error);
    }
    try {
        $description = Input::getString('description');
    } catch (Exception $e) {
        $error = $e->getMessage();
        array_push($errorsArray, $error);
    }
    if (!empty($errorsArray)) {
        return $errorsArray;
    }
    $query = "INSERT INTO national_parks (name, location, date_established, area, visitors, description)\n\t\t\t\tVALUES (:name, :location, :date_established, :area, :visitors, :description)";
    $query = $dbc->prepare($query);
    $query->bindValue(':name', $name, PDO::PARAM_STR);
    $query->bindValue(':location', $location, PDO::PARAM_STR);
    $query->bindValue(':date_established', $date_established, PDO::PARAM_STR);
    $query->bindValue(':area', $area, PDO::PARAM_STR);
    $query->bindValue(':visitors', $visitors, PDO::PARAM_STR);
    $query->bindValue(':description', $description, PDO::PARAM_STR);
    // $query->fetchAll(PDO::FETCH_ASSOC);
    $query->execute();
}
Esempio n. 8
0
function processForm($adObject, $postImage)
{
    $errors = [];
    $errors['count'] = 0;
    //form was submitted when $_POST is not empty
    if (!empty($_POST)) {
        try {
            $postingTitle = Input::getString('title');
        } catch (Exception $e) {
            $errors['title'] = 'Posting Title: ' . $e->getMessage();
            $errors['count']++;
        }
        try {
            $price = Input::getNumber('price');
        } catch (Exception $e) {
            $errors['price'] = 'Price: ' . $e->getMessage();
            $errors['count']++;
        }
        try {
            $description = Input::getString('description');
        } catch (Exception $e) {
            $errors['description'] = 'Description: ' . $e->getMessage();
            $errors['count']++;
        }
        if ($errors['count'] == 0) {
            //update the database
            // $adObject = new AdModel();
            $adObject->title = $postingTitle;
            $adObject->price = $price;
            $adObject->description = $description;
            $adObject->id = $_GET['id'];
            if ($postImage == "Database Image") {
                //no image was uploaded - use the database image
                $adObject->image = $adObject->image;
            } else {
                //new image uploaded - use new image
                $adObject->image = $postImage;
            }
            var_dump("adObject image: " . $adObject->image . "!");
            $adObject->date_posted = $adObject->date_posted;
            $adObject->category = $adObject->category;
            // hardcoded:  $adObject->user_id = $_SESSION['user_id'];
            $adObject->users_id = $_SESSION['user_id'];
            //this is hardcoded for now
            $adObject->save();
            unset($_SESSION['image']);
            header("Location: /ads.show.php?id=" . $adObject->id);
            //this will be the $_GET for the ads.show.php
            die;
        }
    }
    return $errors;
}
function updateData($dbc)
{
    $errors = [];
    if (!empty($_POST)) {
        try {
            $userName = Input::getString('username');
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
        try {
            $password = Input::getString('pwd');
            $password = password_hash($password, PASSWORD_DEFAULT);
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
        try {
            $firstName = Input::getString('firstname');
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
        try {
            $lastName = Input::getString('lastname');
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
        try {
            $email = Input::getString('email');
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
        try {
            $zipCode = Input::getNumber('zipcode');
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
        if (Input::notEmpty('username') && Input::notEmpty('pwd') && Input::notEmpty('firstname') && Input::notEmpty('lastname') && Input::notEmpty('email') && Input::notEmpty('zipcode')) {
            // create new instance of user class
            $user = new User();
            $user->first_name = $firstName;
            $user->last_name = $lastName;
            $user->user_name = $userName;
            $user->email = $email;
            $user->zipcode = $zipCode;
            $user->save();
            $_SESSION['logInMessage'] = "Your profile has been updated.!!!";
            header("Location:index.php");
            die;
        }
    }
    return $errors;
}
Esempio n. 10
0
function processForm()
{
    $errors = [];
    $errors['count'] = 0;
    //form was submitted when $_POST is not empty
    if (!empty($_POST)) {
        try {
            $firstName = Input::getString('first_name');
        } catch (Exception $e) {
            $errors['first_name'] = 'First Name: ' . $e->getMessage();
            $errors['count']++;
        }
        try {
            $lastName = Input::getString('last_name');
        } catch (Exception $e) {
            $errors['last_name'] = 'Last Name: ' . $e->getMessage();
            $errors['count']++;
        }
        try {
            $email = Input::getString('email');
        } catch (Exception $e) {
            $errors['email'] = 'Email Address: ' . $e->getMessage();
            $errors['count']++;
        }
        try {
            if ($_POST['password1'] != $_POST['password2']) {
                throw new UnexpectedValueException("Do Not Match!");
            }
            $passwordOneHashed = Input::getPassword('password1', $firstName, $lastName, $email);
        } catch (Exception $e) {
            $errors['password1'] = 'Password: '******'count']++;
        }
        if ($errors['count'] == 0) {
            //no errors - add to the database
            $userObject = new UserModel();
            $userObject->first_name = $firstName;
            $userObject->last_name = $lastName;
            $userObject->email = $email;
            $userObject->password = $passwordOneHashed;
            $userObject->save();
            header("Location: /users.show.php?id=" . $userObject->id);
            //this will be the $_GET for the users.show.php
            die;
        }
    }
    return $errors;
}
function insertPark($dbc)
{
    $errors = [];
    try {
        $date = Input::getDate('date_established');
        $d = $date->format('Y-m-d');
    } catch (Exception $e) {
        $error = "An error occured: " . $e->getMessage() . PHP_EOL;
        array_push($errors['date_established'], $e->getMessage());
    }
    try {
        $name = Input::getString('name');
    } catch (Exception $e) {
        $error = "An error occured: " . $e->getMessage() . PHP_EOL;
        array_push($errors['name'], $e->getMessage());
    }
    try {
        $location = Input::getString('location');
    } catch (Exception $e) {
        $error = "An error occured: " . $e->getMessage() . PHP_EOL;
        array_push($errors['location'], $e->getMessage());
    }
    try {
        $area_in_acres = Input::getNumber('area_in_acres');
    } catch (Exception $e) {
        $error = "An error occured: " . $e->getMessage() . PHP_EOL;
        array_push($errors['area_in_acres'], $e->getMessage());
    }
    try {
        $description = Input::getString('description');
    } catch (Exception $e) {
        $error = "An error occured: " . $e->getMessage() . PHP_EOL;
        array_push($errors['description'], $e->getMessage());
    }
    if ($error) {
        echo $error;
        print_r($errors);
    } else {
        $insert = "INSERT INTO national_parks (name, location, date_established, area_in_acres, description)\n\tVALUES (:name, :location, :date_established, :area_in_acres, :description)";
        $stmt = $dbc->prepare($insert);
        $stmt->bindValue(':name', $name, PDO::PARAM_STR);
        $stmt->bindValue(':location', $location, PDO::PARAM_STR);
        $stmt->bindValue(':date_established', $d, PDO::PARAM_STR);
        $stmt->bindValue(':area_in_acres', $area_in_acres, PDO::PARAM_STR);
        $stmt->bindValue(':description', $description, PDO::PARAM_STR);
        $stmt->execute();
    }
}
function insertData($dbc)
{
    $errors = [];
    if (!empty($_POST)) {
        try {
            $name = Input::getString('name');
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
        try {
            $location = Input::getString('location');
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
        try {
            $date = Input::getDate('date_established');
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
        try {
            $area = Input::getNumber('area_in_acres');
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
        try {
            $description = Input::getString('description');
        } catch (Exception $e) {
            $errors[] = $e->getMessage();
        }
        if (Input::notEmpty('name') && Input::notEmpty('location')) {
            $userData = 'INSERT INTO national_parks (name, location, date_established, area_in_acres, description)
							VALUES (:name, :location, :date_established, :area_in_acres, :description)';
            $userStmt = $dbc->prepare($userData);
            $userStmt->bindValue(':name', $name, PDO::PARAM_STR);
            $userStmt->bindValue(':location', $location, PDO::PARAM_STR);
            $userStmt->bindValue(':date_established', $date, PDO::PARAM_STR);
            $userStmt->bindValue(':area_in_acres', $area, PDO::PARAM_STR);
            $userStmt->bindValue(':description', $description, PDO::PARAM_STR);
            try {
                $userStmt->execute();
            } catch (Exception $e) {
                $errors[] = $e->getMessage();
                throw new Exception('Error: {$e->getMessage()}');
            }
        }
    }
    return $errors;
}
function insertpark($dbc)
{
    $name = Input::getString('parkname', 2, 100);
    $location = Input::getString('parklocation', 2, 100);
    $date = Input::getDate('date', '1776-07-04', '9999-01-01');
    $area = Input::getNumber('area', 0, 1000000000000);
    $description = Input::getString('parkdescription', 2, 10000);
    $inner = 'INSERT INTO national_parks (name, location, date_established, area_in_acres, description) VALUES (:name, :location, :date_established, :area_in_acres, :description)';
    $query = $dbc->prepare($inner);
    $query->bindValue(':name', $name, PDO::PARAM_STR);
    $query->bindValue(':location', $location, PDO::PARAM_STR);
    $query->bindValue(':date_established', $date, PDO::PARAM_INT);
    $query->bindValue(':area_in_acres', $area, PDO::PARAM_INT);
    $query->bindValue(':description', $description, PDO::PARAM_STR);
    $query->fetchAll(PDO::FETCH_ASSOC);
    $query->execute();
}
function insertPark($dbc)
{
    $errors = [];
    try {
        $username = Input::getString('username');
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    try {
        $password = Input::getString('password');
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    try {
        $email = Input::getString('email');
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    try {
        $first_name = Input::getNumber('first_name');
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    try {
        $last_name = Input::getString('last_name');
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    try {
        $phone = Input::getString('phone_number');
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    if (!empty($errors)) {
        return $errors;
    }
    $userInput = $dbc->prepare('INSERT INTO users (username, password, email, first_name, last_name, phone) VALUES (:username, :password, :email, :first_name, :last_name, :phone)');
    $userInput->bindValue(':username', $username, PDO::PARAM_STR);
    $userInput->bindValue(':password', $password, PDO::PARAM_STR);
    $userInput->bindValue(':email', $email, PDO::PARAM_STR);
    $userInput->bindValue(':first_name', ucfirst($first_name), PDO::PARAM_STR);
    $userInput->bindValue(':last_name', ucfirst($last_name), PDO::PARAM_STR);
    $userInput->bindValue(':phone', $phone, PDO::PARAM_STR);
    $userInput->execute();
    return $errors;
}
function insertPark($dbc)
{
    $errors = [];
    try {
        $park = Input::has('park') ? Input::getString('park') : null;
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    try {
        $location = Input::has('location') ? Input::getString('location') : null;
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    try {
        $date_established = Input::has('date_established') ? Input::getDate('date_established') : null;
        $date_established = $date_established->format('Y-m-d');
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    try {
        $area_in_acres = Input::has('area_in_acres') ? Input::getNumber('area_in_acres') : null;
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    try {
        $description = Input::has('description') ? Input::getString('description') : null;
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    if (!empty($errors)) {
        return $errors;
    }
    $query = "INSERT INTO national_parks (park, location, date_established, area_in_acres, description) VALUES (:park, :location, :date_established, :area_in_acres, :description)";
    $stmt = $dbc->prepare($query);
    $stmt->bindValue(':park', $park, PDO::PARAM_STR);
    $stmt->bindValue(':location', $location, PDO::PARAM_STR);
    $stmt->bindValue(':date_established', $date_established, PDO::PARAM_STR);
    $stmt->bindValue(':area_in_acres', $area_in_acres, PDO::PARAM_STR);
    $stmt->bindValue(':description', $description, PDO::PARAM_STR);
    $stmt->execute();
    return $errors;
}
Esempio n. 16
0
function pageController()
{
    $data = array();
    session_start();
    if (Auth::check()) {
        header("Location: index.php");
    }
    $username = Input::has('username') ? Input::getString('username') : '';
    $password = Input::has('password') ? Input::getString('password') : '';
    $errorMessage = "";
    if ($username == '' && $password == '') {
    } elseif (Auth::attempt($username, $password)) {
        header("Location: index.php");
        exit;
    } else {
        $errorMessage = "Login Failed. Please try again.";
    }
    $data['errorMessage'] = $errorMessage;
    return $data;
}
Esempio n. 17
0
function pageController($dbc)
{
    $errors = array();
    try {
        $item_name = Input::getString('item_name');
    } catch (Exception $e) {
        $error = $e->getMessage();
        array_push($errors, $error);
    }
    try {
        $price = Input::getString('price');
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    try {
        $image = Input::getString('image');
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    try {
        $description = Input::getString('description');
    } catch (Exception $e) {
        array_push($errors, $e->getMessage());
    }
    if (!empty($_POST)) {
        // add inputed data into datebase
        if (Input::notEmpty('item_name') && Input::notEmpty('price') && Input::notEmpty('image') && Input::notEmpty('description')) {
            // if no errors were thrown runs insert park
            if (empty($errors)) {
                insertListing($dbc, $item_name, $price, $image, $description);
            }
            // elseif (Input::notEmpty('deleted_item_name')) {
            // 	$deleteListing($dbc);
            // }
            // else {
            // 	echo "Please make a valid entry.";
            // }
        }
    }
}
Esempio n. 18
0
function pageController()
{
    try {
        $query = Input::getString('query');
    } catch (Exception $e) {
        $query = '';
    }
    $ads = AdModel::search($query);
    $ads = array_map(function ($ad) {
        $truncateAt = 15;
        if (strlen($ad['description']) > $truncateAt) {
            $ad['description'] = substr($ad['description'], 0, $truncateAt) . '...';
        }
        return $ad;
    }, $ads);
    $ads = array_map(function ($ad) {
        $date = strtotime($ad['date_posted']);
        $ad['date_posted'] = date("F d, Y", $date);
        return $ad;
    }, $ads);
    return ['ads' => $ads];
}
    }

    try {
        $park->date_established = Input::getDate('date_established');
    } catch (Exception $e) {
        $errors[] = $e->getMessage();
    }

    try {
        $park->description = Input::getString('description');
    } catch (Exception $e) {
        $errors[] = $e->getMessage();
    }

    try {
        $park->location = Input::getString('location');
    } catch (Exception $e) {
        $errors[] = $e->getMessage();
    }

    if(empty($errors)) {
        $park->save();
    }

    unset($_POST);
}


$parks = Park::all();

?>
Esempio n. 20
0
 function insertAd($dbc, $user)
 {
     // Now calls on the Input class's getString and getDate methods with try catches.
     // Try catch create an array of errors for passing to the user in the HTML.
     $errorArray = [];
     try {
         $method = Input::getString('method', 1, 50);
     } catch (Exception $e) {
         $error = $e->getMessage();
         $errorArray['errMethod'] = $error;
     }
     try {
         $title = Input::getString('title', 1, 50);
     } catch (Exception $e) {
         $error = $e->getMessage();
         $errorArray['errTitle'] = $error;
     }
     try {
         $price = Input::getNumber('price', 0, 25000);
     } catch (Exception $e) {
         $error = $e->getMessage();
         $errorArray['errPrice'] = $error;
     }
     try {
         $location = Input::getString('location', 1, 50);
     } catch (Exception $e) {
         $error = $e->getMessage();
         $errorArray['errLoc'] = $error;
     }
     try {
         $description = Input::getString('description', 1, 500);
     } catch (Exception $e) {
         $error = $e->getMessage();
         $errorArray['errDes'] = $error;
     }
     try {
         $categoriesArray = Input::get('categories', 1, 50);
         $categories = implode(', ', $categoriesArray);
     } catch (Exception $e) {
         $error = $e->getMessage();
         $errorArray['errCats'] = $error;
     }
     // This portion allows for image uploads.
     if (Input::has('title')) {
         if ($_FILES) {
             $uploads_directory = 'img/uploads/';
             $filename = $uploads_directory . basename($_FILES['image_url']['name']);
             if (move_uploaded_file($_FILES['image_url']['tmp_name'], $filename)) {
                 // echo 'The file ' . basename($_FILES['image_url']['name']) . ' has been uploaded.';
             } else {
                 $errorArray['errImage'] = 'Sorry, there was an error uploading your file.';
             }
         }
     }
     // If the $errorArray is not empty, this will return out of the method before binding values and executing below. The $errorArray returns with an array of strings.
     if (!empty($errorArray)) {
         return $errorArray;
     }
     $stmt = $dbc->prepare('INSERT INTO ads (user_id, method, image_url, title, price, location, description, categories) VALUES (:user_id, :method, :image_url, :title, :price, :location, :description, :categories)');
     $stmt->bindValue(':user_id', $user->id, PDO::PARAM_STR);
     $stmt->bindValue(':method', $method, PDO::PARAM_STR);
     $stmt->bindValue(':image_url', $filename, PDO::PARAM_STR);
     $stmt->bindValue(':title', $title, PDO::PARAM_STR);
     $stmt->bindValue(':price', $price, PDO::PARAM_INT);
     $stmt->bindValue(':location', $location, PDO::PARAM_STR);
     $stmt->bindValue(':description', $description, PDO::PARAM_STR);
     $stmt->bindValue(':categories', $categories, PDO::PARAM_STR);
     $stmt->execute();
 }
Esempio n. 21
0
$offset = $limit * ($page - 1);
// Prepare statement for national parks
$stmt = $dbc->prepare("SELECT * FROM national_parks LIMIT :limit OFFSET :offset");
// Bind values for security
$stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
$stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
$stmt->execute();
$parks = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Process POST request
if ($_POST) {
    // Assign POST variables
    $newParkName = Input::has('park_name') && Input::get('park_name') != '' ? Input::getString('park_name') : '';
    $newParkLoc = Input::has('park_loc') && Input::get('park_loc') != '' ? Input::getString('park_loc') : '';
    $newParkDate = Input::has('date_est') && Input::get('date_est') != '' ? Input::getDate('date_est') : '';
    $newParkArea = Input::has('park_area') && Input::get('park_area') != '' ? Input::getNumber('park_area') : '';
    $newParkDesc = Input::has('park_desc') && Input::get('park_desc') != '' ? Input::getString('park_desc') : '';
    // Insert new park into DB
    $insert = $dbc->prepare('INSERT INTO national_parks (park_name, park_loc, date_est, area_in_acres, about_park)
        VALUES (:name, :location, :date, :area, :description)');
    $insert->bindValue(':name', $newParkName, PDO::PARAM_STR);
    $insert->bindValue(':location', $newParkLoc, PDO::PARAM_STR);
    $insert->bindValue(':date', date_format($newParkDate, 'Y-m-d'), PDO::PARAM_STR);
    $insert->bindValue(':area', $newParkArea, PDO::PARAM_STR);
    $insert->bindValue(':description', $newParkDesc, PDO::PARAM_STR);
    $insert->execute();
}
?>

<!DOCTYPE html>
<html>
<head>
Esempio n. 22
0
                $user->phone = $phone;
            } catch (Exception $e) {
                $errors['phone'] = "An error occurred: " . $e->getMessage();
            }
        } else {
            $phone = str_replace(str_split('() -'), "", Input::getString('phone'));
            var_dump($phone);
            try {
                $user->phone = $phone;
            } catch (Exception $e) {
                $errors['phone'] = "An error occurred: " . $e->getMessage();
            }
        }
        if ($pass1 == $pass2) {
            try {
                $passToHash = Input::getString('password');
                $user->password = password_hash($passToHash, PASSWORD_DEFAULT);
            } catch (Exception $e) {
                $errors['password'] = "******" . $e->getMessage();
            }
        } else {
            $errors['password'] = "******";
        }
        if (empty($errors)) {
            $user->save();
        }
    } else {
        $errors['allFields'] = "Please complete ALL FIELDS!";
    }
}
//this is for existing user login
Esempio n. 23
0
        $newPost->bindValue(':title', Input::getString('title'), PDO::PARAM_STR);
        $newPost->bindValue(':description', Input::getString('description'), PDO::PARAM_STR);
        $newPost->bindValue(':image_url', $filename, PDO::PARAM_STR);
        $newPost->bindValue(':price', Input::getNumber('price'), PDO::PARAM_STR);
        $newPost->bindValue(':category', Input::getString('category'), PDO::PARAM_STR);
        $newPost->bindValue(':posting_user', $_SESSION['LOGGED_IN_USER'], PDO::PARAM_STR);
        $newPost->execute();
        sleep(3);
        header('Location: index.php');
        exit;
    } else {
        $newPost = $dbc->prepare("INSERT INTO ads(title, description, price, category, posting_user) \n        VALUES(:title, :description, :price, :category, :posting_user)");
        $newPost->bindValue(':title', Input::getString('title'), PDO::PARAM_STR);
        $newPost->bindValue(':description', Input::getString('description'), PDO::PARAM_STR);
        $newPost->bindValue(':price', Input::getNumber('price'), PDO::PARAM_STR);
        $newPost->bindValue(':category', Input::getString('category'), PDO::PARAM_STR);
        $newPost->bindValue(':posting_user', $_SESSION['LOGGED_IN_USER'], PDO::PARAM_STR);
        $newPost->execute();
        sleep(3);
        header('Location: index.php');
        exit;
    }
}
$category = array('Accounting and Finance', 'Admin and Office', 'Appliances', 'Art/Media/Design', 'Arts and Crafts', 'Auto Parts', 'Automotive', 'Baby and kid', 'Biotech and Science', 'Books', 'Business/Mgmt', 'Cars and Trucks', 'Computer and Technology', 'Computers and Electronics', 'Customer Service', 'Education', 'Event', 'Furniture', 'Human Resources', 'Internet Engineers', 'Legal', 'Legal/Peralegal', 'Lessons', 'Medical/Health', 'Music', 'Pet', 'Real Estate', 'Realator', 'Salon/Spa/Fitness', 'Security', 'Software/QA/DBA', 'Sports and Outdoors', 'Technical Support', 'Tools', 'Transport', 'Video Gaming', 'Writing/Editing');
?>

<html>
<head>
    <title>Add Post</title>

    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css">
require_once 'db_connect.php';
require_once 'Input.php';
if (isset($_GET['page'])) {
    $page = $_GET['page'];
    if ($page < 1) {
        $page = 1;
    }
} else {
    $page = 1;
}
$limit = 4;
$offset = ($page - 1) * 4;
//prepare statements for user submissions
//A NOTE FROM THURSDAY: right now, the specific getDate/String/Number methods from Input class are only being applied at the user submission level. to update this, (remove these?? maybe not) add these to your PDO, or whatever it is called)
//note FROM THURSDAY CATCH LESSON: Push your errors onto an $errors[] array.
if (Input::has('nameSubmit') && Input::getString('nameSubmit') != "" && Input::has('acreageSubmit') && Input::getNumber('acreageSubmit') != "" && Input::getString('stateSubmit') && Input::has('stateSubmit') != "" && Input::getDate('date_estSubmit') && Input::has('date_estSubmit') != "" && Input::getString('descriptionSubmit') && Input::has('descriptionSubmit') != "") {
    echo "THANK YOU FOR YOUR INPUT." . PHP_EOL;
    $nameSubmit = $_POST['nameSubmit'];
    $stateSubmit = $_POST['stateSubmit'];
    $date_estSubmit = $_POST['date_estSubmit'];
    $acreageSubmit = $_POST['acreageSubmit'];
    $descriptionSubmit = $_POST['descriptionSubmit'];
    $stmt = $connection->prepare("INSERT INTO national_parks (name, location, date_est, acreage, description) VALUES (:nameSubmit, :stateSubmit, :date_estSubmit, :acreageSubmit, :descriptionSubmit)");
    $stmt->bindValue(':nameSubmit', $nameSubmit, PDO::PARAM_STR);
    $stmt->bindValue(':stateSubmit', $stateSubmit, PDO::PARAM_STR);
    $stmt->bindValue(':date_estSubmit', $date_estSubmit, PDO::PARAM_STR);
    $stmt->bindValue(':acreageSubmit', $acreageSubmit, PDO::PARAM_STR);
    $stmt->bindValue(':descriptionSubmit', $descriptionSubmit, PDO::PARAM_STR);
    $stmt->execute();
}
//to convert a query statement to a prepare statement, change query to prepare and change $variable to :variable
     $title = Input::getString('title', 0, 100);
 } catch (Exception $e) {
     $errors['title'] = $e->getMessage();
 }
 try {
     $price = Input::getNumber('price', 0, 15);
 } catch (Exception $e) {
     $errors['price'] = $e->getMessage();
 }
 try {
     $zip = Input::getNumber('zip', 5, 5);
 } catch (Exception $e) {
     $errors['zip'] = $e->getMessage();
 }
 try {
     $description = Input::getString('description', 0, 500);
 } catch (Exception $e) {
     $errors['description'] = $e->getMessage();
 }
 /*
  *	Further verification
  */
 if (!Input::has('call_poster') && !Input::has('text_poster') && !Input::has('email_poster')) {
     $errors['contact_poster'] = "You did not select a form of contact";
 }
 try {
     if (!isset($errors['zip'])) {
         $query = "\n\t\t\t\tSELECT `locId` \n\t\t\t\tFROM `location`\n\t\t\t\tWHERE `postalCode` = :postalCode\n\t\t\t\tLIMIT 1\n\t\t\t";
         $stmtZip = $dbc->prepare($query);
         $stmtZip->bindValue(':postalCode', $zip, PDO::PARAM_INT);
         $stmtZip->execute();
 function insertParks($dbc)
 {
     // Now calls on the Input class's getString and getDate methods with try catches.
     // Try catch create an array of errors for passing to the user in the HTML.
     $errorArray = [];
     try {
         $name = Input::getString('name', 0, 50);
     } catch (Exception $e) {
         $error = $e->getMessage();
         $errorArray['errName'] = $error;
     }
     try {
         $location = Input::getString('location', 0, 50);
     } catch (Exception $e) {
         $error = $e->getMessage();
         $errorArray['errLoc'] = $error;
     }
     try {
         $date_established = Input::getDate('date_established', '1776-07-04', 'next month');
         $date_established = $date_established->format('Y-m-d');
     } catch (Exception $e) {
         $error = $e->getMessage();
         $errorArray['errDate'] = $error;
     }
     try {
         $area_in_acres = Input::getNumber('area_in_acres', 0, 375000000);
     } catch (Exception $e) {
         $error = $e->getMessage();
         $errorArray['errArea'] = $error;
     }
     try {
         $description = Input::getString('description', 0, 500);
     } catch (Exception $e) {
         $error = $e->getMessage();
         $errorArray['errDes'] = $error;
     }
     // If the $errorArray is not empty, this will return out of the method before binding values and executing below. The $errorArray returns with an array of strings.
     if (!empty($errorArray)) {
         return $errorArray;
     }
     $stmt = $dbc->prepare('INSERT INTO national_parks (name, location, date_established, area_in_acres, description) VALUES (:name, :location, :date_established, :area_in_acres, :description)');
     $stmt->bindValue(':name', $name, PDO::PARAM_STR);
     $stmt->bindValue(':location', $location, PDO::PARAM_STR);
     $stmt->bindValue(':date_established', $date_established, PDO::PARAM_STR);
     $stmt->bindValue(':area_in_acres', $area_in_acres, PDO::PARAM_STR);
     $stmt->bindValue(':description', $description, PDO::PARAM_STR);
     $stmt->execute();
 }
Esempio n. 27
0
     $errors[] = "Item - " . $e->getMessage();
 } catch (InvalidArgumentException $e) {
     $errors[] = "Item - " . $e->getMessage();
 }
 try {
     // Create a person
     $price = Input::getNumber('price');
 } catch (OutOfRangeException $e) {
     // Report any errors
     $errors[] = "Price - " . $e->getMessage();
 } catch (InvalidArgumentException $e) {
     $errors[] = "Price - " . $e->getMessage();
 }
 try {
     // Create a person
     $description = Input::getString('description');
 } catch (LengthException $e) {
     // Report any errors
     $errors[] = "Description - " . $e->getMessage();
 } catch (InvalidArgumentException $e) {
     $errors[] = "Description - " . $e->getMessage();
 }
 if ($_FILES) {
     $uploads_directory = 'img/uploads/';
     $filename = $uploads_directory . basename($_FILES['somefile']['name']);
     if (move_uploaded_file($_FILES['somefile']['tmp_name'], $filename)) {
         echo '<p>The file ' . basename($_FILES['somefile']['name']) . ' has been uploaded.</p>';
     } else {
         echo "Sorry, there was an error uploading your file.";
     }
 }
Esempio n. 28
0
    $pageID = $_GET['page'];
}
if ($_GET['page'] > $numPages) {
    header("Location: ?page={$numPages}");
    exit;
}
$query = "SELECT * FROM bat_user LIMIT :limit OFFSET :offset";
$stmt = $dbc->prepare($query);
//bind
$stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
$stmt->bindValue(':offset', $offset, PDO::PARAM_INT);
$stmt->execute();
$items = $stmt->fetchAll(PDO::FETCH_ASSOC);
if (Input::has('user_name') && Input::has('password') && Input::has('email')) {
    $user_name = Input::getString('user_name');
    $password = Input::getString('password');
    $email = Input::get('email');
    $formatDate = date("Y-m-d", strtotime($email));
    $insertQuery = "INSERT INTO bat_user (user_name, password, email)\n            VALUES (:user_name, :password, :email)";
    $stmt = $dbc->prepare($insertQuery);
    $stmt->bindValue(':user_name', $user_name, PDO::PARAM_STR);
    $stmt->bindValue(':password', $password, PDO::PARAM_STR);
    $stmt->bindValue(':email', $formatDate, PDO::PARAM_STR);
    $stmt->execute();
} else {
    $errorMessage = "Please fill out all fields to add a park.";
    $exceptionError = "input user_name";
}
?>
<!DOCTYPE html>
<html>
        $ad->origin = Input::getNumber('origin', 1, 25);
    } catch (Exception $e) {
        $errors[] = $e->getMessage();
    }
    try {
        $ad->vintage = Input::getNumber('vintage', 1, 25);
    } catch (Exception $e) {
        $errors[] = $e->getMessage();
    }
    try {
        $ad->price = Input::getString('price', 1, 1000);
    } catch (Exception $e) {
        $errors[] = $e->getMessage();
    }
    try {
        $ad->description = Input::getString('description', 1, 1000);
    } catch (Exception $e) {
        $errors[] = $e->getMessage();
    }
    $ad->post_date = date('Y-m-d h:i');
    $ad->save();
    /*model then handles the save on object*/
}
var_dump($_REQUEST);
?>


<html>
<head>
  <title>Edit an Existing Wineseller Ad</title>
   <meta name="viewport" content="width=device-width, initial-scale=1">
Esempio n. 30
0
     $parklocation = Input::getString('location');
 } catch (Exception $e) {
     array_push($errorMessages, $e->getMessage());
 }
 try {
     $parkdate = Input::getDate('date_established');
 } catch (Exception $e) {
     array_push($errorMessages, $e->getMessage());
 }
 try {
     $parksize = Input::getNumber('area_in_acres');
 } catch (Exception $e) {
     array_push($errorMessages, $e->getMessage());
 }
 try {
     $parkdescr = Input::getString('description');
 } catch (Exception $e) {
     array_push($errorMessages, $e->getMessage());
 }
 if (empty($errorMessages)) {
     $checkrow = 'SELECT id FROM national_parks WHERE name = :name';
     $stmt = $dbc->prepare($checkrow);
     $stmt->bindValue(':name', $parkname, PDO::PARAM_STR);
     $stmt->execute();
     $checkedID = $stmt->fetchColumn();
     if ($checkedID == null) {
         $insert = "INSERT INTO national_parks (name, location, date_established, area_in_acres, description) VALUES (:name, :location, :date_established, :area_in_acres, :description)";
         $stmt = $dbc->prepare($insert);
         $stmt->bindValue(':name', $parkname, PDO::PARAM_STR);
         $stmt->bindValue(':location', $parklocation, PDO::PARAM_STR);
         $stmt->bindValue(':date_established', $parkdate->format('Y-m-d'), PDO::PARAM_STR);